THAT WHICH IS CLAIMED: 



1. A method for selectively allowing a user of a 
multi-user system access to a plurality of resources in 
5 a network, the method comprising: 

receiving a request originated from the user to 
transmit a message over the network to one of the 
plurality of resources; 

identif ying, from a plurality of security zones, a 
10 security zone associated with the one of the plurality 

of resources; 

determining if the user is authorized access to 
the identified security zone; and 

forwarding the message over the network to the one 
15 of the plurality of resources only if it is determined 

that the user is authorized access to the identified 
security zone. 



2. The method of Claim 1, further comprising the 
20 step of associating a security zone with each of the 

plurality of resources. 



3. The method of Claim 2 r further comprising the 
step of specifying the security zones to which users of 
25 the multi-user system are authorized access. 



4. The method of Claim 1, wherein the step of 

identifying the security zone associated with the one 

of the plurality of resources comprises accessing a 

30 data structure that specifies the security zone 

associated with each resource in the plurality of 
resources . 



5. The method of Claim 4, wherein at least one 
35 entry in the data structure specifies the security zone 
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associated with a group of the resources in the 
plurality of resources, and wherein identifying the 
security zone associated with the one of the plurality 
of resources comprises identifying the security zone 
5 associated with the most specific entry in the data 

structure that includes the resource. 



6. The method of Claim 1, wherein the 
identifying and determining steps are performed within 
10 the multi-user system. 



7. The method of Claim 1, wherein the step of 
determining if the user is authorized access to the 
identified security zone comprises querying a security 

15 manager of the multi-user system to determine if the 

user is authorized access to the security zone 
associated with the one of the plurality of resources. 

8. The method of Claim l f wherein the request to 
20 transmit a message is denied if it is determined that 

the user is not authorized access to the security zone 
associated with the one of the plurality of resources 
before any data packets associated with the message are 
forwarded over the network. 

25 

9. The method of Claim 1, wherein the network is 
an internet protocol network. 

10. A method for determining whether to allow an 
30 operation associated with a user identification 

corresponding to a user of a multi-user system that 
involves access to a resource in a network, the method 
comprising : 

classifying the resource as being associated with 
35 a security zone from a plurality of security zones; 
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specifying the security zones from the plurality 
of security zones to which the user identification may 
have access; and 

allowing the operation only if the user 
5 identification is specified as having access to the 

security zone associated with the resource. 

11. The method of Claim 10, wherein allowing the 
operation only if the user identification is specified 

10 as having access to the security zone associated with 

the resource comprises: 

identifying the security zone associated with the 
resource; 

determining if the user identification is 
15 specified as having access to the identified security 

zone; and 

allowing the operation only if the user 
identification is specified as having access to the 
security zone associated with the resource. 

20 

12. The method of Claim 11, wherein the 
identifying step comprises the steps of: 

receiving a request originated from the user 
identification to transmit a message over the network 
25 to the resource; and 

accessing a data structure to identify the 
security zone associated with the resource. 

13. The method of Claim 12, wherein the data 

30 structure specifies the security zone that applies to 

at least one group of resources. 

14. A system for selectively allowing a user of a 
multi-user system access to a plurality of resources in 

35 a network, comprising: 
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means for receiving a request originated from the 
user to transmit a message over the network to one of 
the plurality of resources; 

means for identifying, from a plurality of 
5 security zones, a security zone associated with the one 

of the plurality of resources; 

means for determining if the user is authorized 
access to the identified security zone; and 

means for forwarding the message over the network 
10 to the one of the plurality of resources only if it is 

determined that the user is authorized access to the 
identified security zone. 



15. The system of Claim 14, further comprising 
15 means for associating a security zone with each of the 

plurality of resources. 



16. The system of Claim 15, further comprising 
means for specifying the security zones to which users 

20 of the multi-user system are authorized access. 

17. The system of Claim 14, wherein the means for 
identifying the security zone associated with the one 
of the plurality of resources comprises means for 

25 accessing a data structure that specifies the security 

zone associated with each resource in the plurality of 
resources . 



18. The system of Claim 17, wherein at least one 
30 entry in the data structure specifies the security zone 

associated with a group of the resources in the 
plurality of resources, and wherein the means for 
identifying the security zone associated with the one 
of the plurality of resources comprises means for 
35 identifying the security zone associated with the most 
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specific entry in the data structure that includes the 
resource . 



19. A computer program product for selectively 
5 allowing a user of a multi-user system access to a 

plurality of resources in a network, comprising: 
a computer-readable storage medium having 
computer-readable program code embodied in said medium, 
said computer-readable program code comprising: 
10 computer program product means for receiving a 

request originated from the user to transmit a message 
over the network to one of the plurality of resources; 

computer program product means for identifying, 
from a plurality of security zones, a security zone 
15 associated with the one of the plurality of resources; 

computer program product means for determining if 
the user is authorized access to the identified 
security zone; and 

computer program product means for forwarding the 
20 message over the network to the one of the plurality of 

resources only if it is determined that the user is 
authorized access to the identified security zone. 



20. The computer program product of Claim 19, 
25 further comprising computer program product means for 

associating a security zone with each of the plurality 
of resources. 



21. The computer program product of Claim 20, 
30 further comprising computer program product means for 

specifying the security zones to which users of the 
multi-user system are authorized access. 



22. The computer program product of Claim 19, 
35 wherein the computer program product means for 
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identifying the security zone associated with the one 
of the plurality of resources comprise computer program 
product means for accessing a data structure that 
specifies the security zone associated with each 
5 resource in the plurality of resources. 

23. The computer program product of Claim 22, 
wherein at least one entry in the data structure 
specifies the security zone associated with a group of 

10 the resources in the plurality of resources, and 

wherein the computer program product means for 
identifying the security zone associated with the one 
of the plurality of resources comprises computer 
program product means for identifying the security zone 

15 associated with the most specific entry in the data 

structure that includes the resource. 

24. A method for selectively allowing a user of a 
multi-user system access to a plurality of resources in 
a network, the method comprising: 

receiving a message over the network from one of 
the plurality of resources that is addressed to a 
process running on the multi-user system that is 
associated with the user; 

identifying, from a plurality of security zones, a 
security zone associated with the one of the plurality 
of resources; 

determining if the user is authorized access to 
the identified security zone; and 

forwarding the message to the process only if it 
is determined that the user is authorized access to the 
identified security zone. 
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